crack[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

crack.exe
Size

10.3MB
MD5

35edb0779e02ec906ba08da6115eeae7
SHA1

c662f58d8421c854b30da34c6e0ddc37783cb953
SHA256

22646544be869e18d9b35687a6592c3ea1ac0d423badc40cb6059388b1bf362c
SHA512

82e2fe81587b40e96b4fef23819037809d94c1f0f11393c8b91387a0dbaa70c368498707cd7a66ba71056352af90619d1204db7067f7daa47060ee5c8eee889b
SSDEEP

98304:QqMT8fPVdo+hZ9ZWI3Blm+AgMnOZ0EVmCs9rhcw3M//OfYts2SsJXkn7IG/HPidx:cs1BlLjZ0EVmCs9rhlSm0siJdeJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
crack.exe

Files

crack.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 951KB - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 226KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 170KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

_TIM
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_EinTim_
Size: 4KB - Virtual size: 10.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 951KB - Virtual size: 952KB

Size: 226KB - Virtual size: 240KB

Size: 170KB - Virtual size: 176KB

Size: 35KB - Virtual size: 36KB

Size: 512B - Virtual size: 4KB

Size: 2KB - Virtual size: 4KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: 5.7MB - Virtual size: 5.7MB

.boot Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 512B - Virtual size: 4KB

_TIM Size: 17KB - Virtual size: 20KB

_EinTim_ Size: 4KB - Virtual size: 10.3MB

.text
Size: 951KB - Virtual size: 952KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: 5.7MB - Virtual size: 5.7MB

.boot
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 512B - Virtual size: 4KB

_TIM
Size: 17KB - Virtual size: 20KB

_EinTim_
Size: 4KB - Virtual size: 10.3MB